How should I approach disclosure and confidentiality when producing a regulatory reference?

Firms must exercise due skill and care in preparing a reference[1] and should provide as complete a picture as possible.[2] 

Nonetheless, firms need to balance the duty owed to the ‘new employer’ against the duty owed to the individual.  To this end, regulatory references should be “true, accurate, fair and based on documented fact”.[3]


[1] SYSC 22.5.4G

[2] SYSC 22.5.3G

[3] SYSC 22.5.4G

“Fairness” does not require firms to disclose EVERY detail

If a firm originally concluded that an individual was not fit and proper to perform his/her role or had breached the Conduct Rules but subsequently revised those conclusions, it does not need to disclose the original conclusion in a regulatory reference.[1]

[1] SYSC 22.6.1G

Verification of facts by employees

In order to comply with the obligation to be fair to employees, firms should investigate and verify allegations before including them in a regulatory reference.[1]  However, note that verification can happen at a time BEFORE the reference is prepared (e.g. at the time of a disciplinary hearing).[2] 

Firms are not required to disclose information that has not been properly verified.[3]  For example, a firm is not necessarily required to include in a regulatory reference the fact that an ex-employee left while disciplinary proceedings were pending or had started.  Including such information is likely to imply that there is cause for concern about the ex-employee but the firm may not have established that the ex-employee was actually responsible for misconduct.

[1] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 19

[2] SYSC 22.5.5G(3)

[3] SYSC 22.5.1R

Employees should have the opportunity to comment

“Fairness” also requires that firms should offer employees the opportunity to comment on information contained in a reference (but not the reference itself or an updated reference[1]).  It is important to note that the employee’s views are not required to be included in the reference itself.  Rather, the firm need only take those views into account as far as appropriate when deciding whether something should be disclosed and how the disclosure is drafted.[2]  Nonetheless, if it is a choice between leaving information out of a reference, or asking an employee to comment, the employee should be asked to comment.[3] 

It is expressly recognised that, of course, the employee may choose not to comment.[4] 

[1] SYSC 22.5.5G and SYSC 22.6.5G

[2] SYSC 22.2.5G

[3] SYSC 22.2.5G

[4] SYSC 22.2.5G

Mitigating circumstances

The concept of “fairness” may require a firm to qualify the conclusions it gives within a regulatory reference, or to provide mitigating circumstances.[1]

[1] SYSC 22.6.1G and 22.6.2G

Disclosing Conduct Rules breaches

Any breach by an individual of the Conduct Rules should be mentioned within a regulatory reference.[1]  To this end, firms should always ask themselves whether disciplinary action also constitutes a Conduct Rules breach.

[1] SYSC 22.6.3G

Disclosure of criminal records

Criminal records checks do not have to be carried out on all staff[1].  However, they should be conducted when appointing a Senior Manager[2], and in relation to certain other directors[3].

Either way, regulatory references do not need to include information relating to criminal records.[4]

[1] SYSC 22.5.19

[2] SUP 10C.10.16R

[3] SYSC 23.4

[4] SYSC 22.5.19G

Other matters to be considered in disclosing information

Firms should also take into account the following factors when asking for and responding to a regulatory reference[1]:

  1. any outstanding liabilities of that person from commission payments;
  2. any relevant outstanding or upheld complaint from an eligible complainant against the individual;
  3. the ‘fitness and propriety’ requirements found in Section 5 of the relevant Form A[2] (which is the application form for FCA approval for an individual to act as a Senior Manager);
  4. the requirements of FIT 2 (Main assessment criteria) which details the requirements regarding “honesty, integrity and reputation”, “competence and capability” and “financial soundness”; and
  5. the persistency of any life policies sold by the individual (this only applies if SUP 16.8.1G(1) (Persistency reports from insurers) applies to the firm from which a regulatory reference is requested).[3]


[1] SYSC 22.2.2(5)

[2] See SUP 10A Annex 4 and SUP 10C Annex 3

[3] SYSC 22, Annex 2

Regulatory references and confidentiality agreements

Firms must ensure that they do not enter into any arrangements which could limit their ability to disclose information in relation to regulatory references (i.e. non-disclosure agreements)[1].   Furthermore, the obligation to make disclosure under a regulatory reference applies even if the firm has entered into any kind of non-disclosure agreement with the individual.[2]

[1] SYSC 22.5.13R

[2] SYSC 22.5.16G
